Six security flaws in iOS found by Google's Project Zero, patched in iOS 12.4

Written 10 months ago by IanDorfman

Google's infamous bug and exploit hunters at its secretive Project Zero detailed and demonstrated six different bugs in Apple's iOS mobile operating system. The bugs were all able to be exploited via the operating system's ubiquitous Small iMessage iconiMessage app built in to every release.

According to the two Project Zero researchers that discovered and detailed the exploits, four out of the six could be executed without the Small iOS iconiOS device being targeted ever being interacted with by the end user. All that had to be done was the opening of a message with the malicious code needed to take advantage of the exploit.

The other two exploits could also be performed without end-user interaction, though only to "leak data from a device's memory and read files off a remote device," according to a report by ZDNet. A report and demonstration of these exploits will be given next week at the annual Black Hat security conference in Las Vegas.

The 12.4 release of iOS resolved all of these issues when it was released on July 22nd. For anyone who has yet to update to this release, it is highly recommended to do so. This is especially true due to the Project Zero research team releasing a proof of concept demonstration of the exploits in action.

Further coverage:
ZDNet
Engadget